Access Points

Reply
Occasional Contributor II
Posts: 27
Registered: ‎03-16-2010

2nd AP connected to eth1 on AP-124?

We are trying to deploy two APs in a remote building without an edge switch, only a fiber transceiver. I am hoping to use an AP-124 connected via eth0 to the LAN, and then plug an AP-125 into eth1 of the AP-124. I haven't been able to documentation to describe this configuration, where eth1 needs to be tunnelled back to the controller with a specific VLAN to allow the 2nd AP to connect.

I've tried various options (bridge/tunnel, etc) on the AP group eth1 port configuration, but the 2nd AP will not connect.
Guru Elite
Posts: 20,568
Registered: ‎03-29-2007

Power Profile


We are trying to deploy two APs in a remote building without an edge switch, only a fiber transceiver. I am hoping to use an AP-124 connected via eth0 to the LAN, and then plug an AP-125 into eth1 of the AP-124. I haven't been able to documentation to describe this configuration, where eth1 needs to be tunnelled back to the controller with a specific VLAN to allow the 2nd AP to connect.

I've tried various options (bridge/tunnel, etc) on the AP group eth1 port configuration, but the 2nd AP will not connect.




The first question is, what power profile are you using for that AP-124? In other words, what are you using to power that first AP? On the support site, look in the knowledgebase under answer ID 342: "How do I know which power profile AP-12X is using?". If you are not using the right kind of POE or enough power, it will not bring up that second ethernet port, at all.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 27
Registered: ‎03-16-2010

Re: 2nd AP connected to eth1 on AP-124?

Sorry, I didn't mention that part - we're using a Powerdsine 3001G, which provides sufficient power, as both ports are working. We did manage to get the 2nd AP to connect after I posted this, but I'm not certain the config we have is entirely correct. I'd prefer to read up more on this if there is a guide detailing it - I just haven't found it yet. We used Wired AP enable, Tunnelling, and Trusted Port, and this seemed to work. The switch mode was set to access, with the correct VLAN for the AP, but I'm not sure if this is necessary in this case.
Guru Elite
Posts: 20,568
Registered: ‎03-29-2007

You are right




Your config is correct. Trusted, Wired AP enable, Switchmode set to access with the correct VLAN are the minimum that you need to configure this properly.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 27
Registered: ‎03-16-2010

Re: 2nd AP connected to eth1 on AP-124?

Thanks for confirming this. Is there a way to secure the port to prevent other devices from being placed in the same VLAN? ie: someone connecting a PC, etc. In a few cases, the AP may be physically accessible, so I'd like to ensure that only approved devices will get access.
Guru Elite
Posts: 20,568
Registered: ‎03-29-2007

Number of Choices




You would:

Make the port untrusted
Change the AAA profile in Configuration> Advanced Services> Wired Access to be the AAA profile that authenticates users the way you want.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 27
Registered: ‎03-16-2010

Re: 2nd AP connected to eth1 on AP-124?

Ok, this makes sense. So if this means choosing dot1x auth to support the possibility of an end-user device connecting, does this also mean that the APs used on these ports will need an entry in the Radius server for dot1x auth by mac address? Or is there another way? (we're using MS IAS on Win2003, and dot1x by Mac is a bit messy...)

Thanks.
Guru Elite
Posts: 20,568
Registered: ‎03-29-2007

What can be done

You can create an AP-group that has everything, except the second port, or enet1 is "trusted" and put that first AP in it. That way his enet1 will just bridge his traffic, instead of do authentication.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: